Getting "anonymous" caller principal in EJB
sergiu_pienar Mar 25, 2014 6:31 AM
Using JBoss 7.1.1 Final.
My problem is the same as Re: Login-Principal is not propagated to Ejb's SessionContext ...
I am calling a web-service from SOAP UI - passing in correct credentials - the EJB that the web-service exposes is annotated like this:
@Stateless
@RemoteBinding(jndiBinding = "ejb:all/all-ejbs/ExecutorBean!com.ExecutorRemote")
@LocalBinding(jndiBinding = "java:global/all/all-ejbs/ExecutorBean!com.ExecutorLocal")
@Local({ ExecutorLocal.class })
@Remote({ExecutorRemote.class })
@WebService(name = "ExecutorService", serviceName = "ExecutorService")
@WebContext(contextRoot = "/service", urlPattern = "/ExecutorService", secureWSDLAccess = false, authMethod = "BASIC", transportGuarantee = "NONE")
@SecurityDomain(value = "myRealm")
@EndpointConfig(configName = "Standard WSSecurity Endpoint")
public class ExecutorBean{...
The problem is that at one point I need the caller principal's name - which I get from the sessionContext:
@Resource
public void setSessionContext(final SessionContext sessionContext) throws EJBException, RemoteException {
    this.sessionContext = sessionContext;
}
However, when I do the following:
String logname = this.sessionContext.getCallerPrincipal().getName();
I get "anonymous".
Relevant sections from the configuration file below:
<subsystem xmlns="urn:jboss:domain:security:1.1">
    <security-domains>
        <security-domain name="other" cache-type="default">
            <authentication>
                <login-module code="UsersRoles" flag="required">
                    <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
                    <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
                    <module-option name="password-stacking" value="useFirstPass"/>
                </login-module>
            </authentication>
        </security-domain>
        <security-domain name="myRealm" cache-type="default">
            <authentication>
                <login-module code="com.LoginModule" flag="required">
                    <module-option name="dsJndiName" value="java:jboss/datasources/myDS"/>
                    <module-option name="hashAlgorithm" value="SHA"/>
                    <module-option name="hashEncoding" value="BASE64"/>
                    <module-option name="principalsQuery" value="SELECT u.password FROM ..."/>
                    <module-option name="rolesQuery" value="SELECT p.label..."/>
                </login-module>
            </authentication>
        </security-domain>
        <security-domain name="client-login" cache-type="default">
            <authentication>
                <login-module code="com.LoginModule" flag="required" module="org.jboss.login.module">
                    <module-option name="dsJndiName" value="java:jboss/datasources/myDS"/>
                    <module-option name="hashAlgorithm" value="SHA"/>
                    <module-option name="hashEncoding" value="BASE64"/>
                    <module-option name="principalsQuery" value="SELECT u.password ..."/>
                    <module-option name="rolesQuery" value="SELECT p.label,..."/>
                </login-module>
            </authentication>
        </security-domain>

<subsystem xmlns="urn:jboss:domain:remoting:1.1">
    <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>
</subsystem>

<management>
    <security-realms>
        <security-realm name="ManagementRealm">
            <authentication>
                <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
            </authentication>
        </security-realm>
        <security-realm name="ApplicationRealm">
            <authentication>
                <jaas name="myRealm"/>
            </authentication>
        </security-realm>
In the EAR's META-INF I have a jboss-app.xml file with the following contents:
<jboss-app xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="7.0">
    <security-domain>myRealm</security-domain>
</jboss-app>
The custom login module is deployed under modules/org/jboss/login and works fine for my base app but somehow the principal is not being propagated.
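
The setup in this post relies on several names lining up: the @SecurityDomain value, the jboss-app.xml security-domain, the remoting connector's security-realm, and that realm's jaas delegate. The Python below is an added example, not part of the original post, that cross-checks those references; the embedded XML is a constructed, trimmed copy of the fragments above, and `audit` and `by_name` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copies of the fragments quoted in the post,
# wrapped in a <server> root so they parse as one document.
STANDALONE = """<server>
  <management><security-realms>
    <security-realm name="ApplicationRealm">
      <authentication><jaas name="myRealm"/></authentication>
    </security-realm>
  </security-realms></management>
  <subsystem xmlns="urn:jboss:domain:security:1.1"><security-domains>
    <security-domain name="other" cache-type="default"/>
    <security-domain name="myRealm" cache-type="default"/>
  </security-domains></subsystem>
  <subsystem xmlns="urn:jboss:domain:remoting:1.1">
    <connector name="remoting-connector" socket-binding="remoting"
               security-realm="ApplicationRealm"/>
  </subsystem>
</server>"""
JBOSS_APP = """<jboss-app xmlns="http://www.jboss.com/xml/ns/javaee" version="7.0">
  <security-domain>myRealm</security-domain>
</jboss-app>"""

def by_name(root, name):
    # Match on the local tag name so the subsystem namespaces do not matter.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit(standalone_xml, jboss_app_xml, annotation_domain):
    """Return findings; an empty list means every name reference resolves."""
    server = ET.fromstring(standalone_xml)
    domains = {d.get("name") for d in by_name(server, "security-domain")}
    realms = {}  # realm name -> JAAS domain it delegates to (or None)
    for r in by_name(server, "security-realm"):
        jaas = by_name(r, "jaas")
        realms[r.get("name")] = jaas[0].get("name") if jaas else None
    app = by_name(ET.fromstring(jboss_app_xml), "security-domain")
    refs = {"@SecurityDomain": annotation_domain,
            "jboss-app.xml": app[0].text.strip() if app else None}
    findings = [f"{src}: security domain {dom!r} is not defined"
                for src, dom in refs.items() if dom not in domains]
    for c in by_name(server, "connector"):
        realm = c.get("security-realm")
        if realm not in realms:
            findings.append(f"connector {c.get('name')!r}: realm {realm!r} is not defined")
        elif realms[realm] is None:
            findings.append(f"realm {realm!r} does not delegate to a JAAS domain")
        elif realms[realm] not in domains:
            findings.append(f"realm {realm!r}: JAAS domain {realms[realm]!r} is not defined")
    return findings
```

Security domain names are compared case-sensitively here, so `audit(STANDALONE, JBOSS_APP, "myrealm")` reports the annotation value as undefined.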